Page 404 - Towards Trustworthy Elections: New Directions in Electronic Voting by Ed Gerck, David Chaum, Markus Jakobsson, Ronald L. Rivest, Peter Y. A. Ryan, Josh Benaloh, Miroslaw Kutylowski, Ben Adida

A. Essex, J. Clark, and C. Adams
                          4  Security Analysis
                          In this section, we describe how Aperio meets the E2E integrity criteria as defined
                          in section 2. Further, we analyse the attack vectors that an adversary could use
                          to attempt to corrupt the results of an election and demonstrate the protections
                          offered by Aperio to thwart these attacks.
                          4.1  A Positive Assertion of Security
                          Let an unmarked Aperio ballot assembly be the tuple $\langle o, s, c_p, c_g \rangle$ for candidate
                          order, serial number, commitment reference number of the pink sheet, and
                          commitment reference number of the goldenrod sheet. Let ρ denote the position
                          marked by the voter on each element of the ballot assembly. For the following
                          discussion, again consider the instance in which the pink receipt commitment
                          list and the goldenrod ballot commitment list were selected to be decommitted
                          (although the following security properties are invariant to any particular
                          selection). The audit process establishes the following facts:
                           1. The voter’s receipt contains $\langle s, \rho \rangle$. By matching the voter’s receipt to the
                              receipt commitment list, it can be verified that ρ (of row s of the receipt
                              commitment list) matches the ρ on the voter’s receipt. Therefore, the voter’s
                              mark is included unmodified in the collection of ballots—the first E2E
                              criterion.
                           2. The print audit verifies that s and $c_p$ printed on a ballot are the same as in
                              the commitment reference sheet and additionally,
                           3. Verifies o and $c_g$ are the same as on the ballot reference sheet.
                           4. Since 2 and 3 are dependent on a random decision, it is probabilistic that s
                              and $c_g$ also are consistent between the printed ballots and reference sheets,
                              and additionally,
                           5. It is probabilistic that o and $c_p$ also are consistent between the printed ballots
                              and reference sheets. If the printed ballots are not consistent, this would be
                              detected with probability $1-(1-Y)^{x-1}$, where Y is the percentage of receipts
                              checked and x is the number of audit sheets.
                           6. By combining facts 2 and 5, or similarly 3 and 4, we infer that s and o on
                             the sheets are consistent with what the voter saw in the polling booth.
                           7. By combining 1 and 6, the voter is assured that the same ρ at s on their
                             receipt is in the ballot commitment list somewhere beside the same o that
                             was on their ballot.
                           8. Finally, given 7, the voter can generate a correct tally for all votes using
                             the ballot reference sheet proving that the collection of ballots is tallied
                             correctly—the second property of an E2E election.

                          The indirectness of this proof prevents the voter from proving which candidate
                          they voted for to a coercer or someone wishing to purchase their vote. The tally
                          that was generated to provide fact 8 can also be compared to the official tally
                          generated using the original paper ballots for additional assurance.
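
The checks behind facts 1, 2, 3 and 8 can be walked through on a toy election. This is an added example, not code from the paper or from the Aperio authors. All data is constructed, and the row layouts (receipt commitment list as s -> ρ, ballot commitment list as c_g -> ρ, commitment reference sheet as s -> c_p, ballot reference sheet as c_g -> o) are simplifying assumptions of the sketch.

```python
from collections import Counter

# Constructed sample data. Printed ballot assemblies are tuples
# (o, s, c_p, c_g) as defined in the text; all values are made up.
PRINTED = [
    (("Alice", "Bob", "Carol"), "s001", "p91", "g17"),
    (("Carol", "Alice", "Bob"), "s002", "p33", "g42"),
    (("Bob", "Carol", "Alice"), "s003", "p58", "g08"),
]
COMMITMENT_REFERENCE = {"s001": "p91", "s002": "p33", "s003": "p58"}  # s -> c_p
BALLOT_REFERENCE = {                                                  # c_g -> o
    "g17": ("Alice", "Bob", "Carol"),
    "g42": ("Carol", "Alice", "Bob"),
    "g08": ("Bob", "Carol", "Alice"),
}
RECEIPT_COMMITMENTS = {"s001": 1, "s002": 0, "s003": 0}  # s -> rho (pink list)
BALLOT_COMMITMENTS = {"g17": 1, "g42": 0, "g08": 0}      # c_g -> rho (goldenrod list)


def print_audit(ballot, commitment_reference, ballot_reference):
    """Facts 2 and 3: (s, c_p) and (o, c_g) on paper match the reference sheets."""
    o, s, c_p, c_g = ballot
    problems = []
    if commitment_reference.get(s) != c_p:
        problems.append("s/c_p mismatch")
    if ballot_reference.get(c_g) != o:
        problems.append("o/c_g mismatch")
    return problems


def check_receipt(receipt, receipt_commitments):
    """Fact 1: rho in row s of the receipt commitment list equals the receipt's rho."""
    s, rho = receipt
    return receipt_commitments.get(s) == rho


def tally(ballot_commitments, ballot_reference):
    """Fact 8: recount from rho and o alone; no serial number is involved."""
    counts = Counter()
    for c_g, rho in ballot_commitments.items():
        counts[ballot_reference[c_g][rho]] += 1
    return dict(counts)


if __name__ == "__main__":
    print([print_audit(b, COMMITMENT_REFERENCE, BALLOT_REFERENCE) for b in PRINTED])
    print(check_receipt(("s002", 0), RECEIPT_COMMITMENTS))
    print(tally(BALLOT_COMMITMENTS, BALLOT_REFERENCE))
```

The receipt check uses only s and ρ and the tally uses only c_g, ρ and o, so the receipt by itself names no candidate.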